We were pretty much in the same boat though we have a new server almost ready to go, though that wasn't really relevent.
We set up a VM on the new server, running apache. xxxx.yourdomain.com You don't need a VM, we are just configuring this server with compartmentalized VMs so it worked well. Used certbot to set up a free ssl cert on the new machine. All we needed to do then is move the script that gets the response from auth.net to the new server. Change the response relay URL to https://xxxx.yourdomain.com/anetresponse.php and then have it send whatever you need to the old server. In our case, it was a bit easier because the VM could actually write the db entries in postgres directly and all the references on the page were fully qualified URLs. (Pretty rare for me, lol)
The jury is still out since we just did this a short time ago, but live tested it and have had a few transactions go through without a problem. You could certainly test in sandbox too, we were just time constrained.
Only note is we had to turn on Secure client renegotiation on the new server. I'll revisit that tomorrow but we were getting an error before we did that. Might be that it was started on a different server.